Add scans with Semgrep

eikendev 2022-02-13 15:54:57 +01:00
parent 5cd3627dc6
commit 23e64b8380
No known key found for this signature in database
GPG key ID: A1BDB1B28C8EF694
73 changed files with 3006 additions and 3 deletions


@ -21,6 +21,7 @@ func IsPasswordPwned(password string) (bool, error) {
return true, nil
}
// nosemgrep: tests.semgrep.go.lang.security.audit.crypto.insecure-module-used, tests.semgrep.go.lang.security.audit.crypto.use-of-sha1
hash := sha1.Sum([]byte(password)) //#nosec G401 -- False positive, only the first 5 bytes are transmitted.
hashStr := fmt.Sprintf("%X", hash)
lookup := hashStr[0:5]
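Review bot: The `// nosemgrep:` line above `sha1.Sum` (apparently the one line this hunk adds, going by the header counts) silences two rules with no stated reason, and one of them, `insecure-module-used`, is a broad audit rule. Put the justification on its own comment line directly above it, for example `// SHA-1 only derives the range-lookup prefix below; it is not used for password storage or integrity.`, so a later edit that reuses `hash` for something else does not inherit the suppression unnoticed. The neighbouring `#nosec G401` note says "first 5 bytes", but `hashStr[0:5]` slices five hex characters of the `%X` string, which is 20 bits of the digest; the wording should be corrected when this line is next touched. What is actually sent over the network is outside the hunk, as are the start and end of `IsPasswordPwned`, so the "only the prefix is transmitted" claim should be confirmed against the request code.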